{"id":"USN-2347-1","summary":"python-django vulnerabilities","details":"Florian Apolloner discovered that Django incorrectly validated URLs. A\nremote attacker could use this issue to conduct phishing attacks.\n(CVE-2014-0480)\n\nDavid Wilson discovered that Django incorrectly handled file name\ngeneration. A remote attacker could use this issue to cause Django to\nconsume resources, resulting in a denial of service. (CVE-2014-0481)\n\nDavid Greisen discovered that Django incorrectly handled certain headers in\ncontrib.auth.middleware.RemoteUserMiddleware. A remote authenticated user\ncould use this issue to hijack web sessions. (CVE-2014-0482)\n\nCollin Anderson discovered that Django incorrectly checked if a field\nrepresented a relationship between models in the administrative interface.\nA remote authenticated user could use this issue to possibly obtain\nsensitive information. (CVE-2014-0483)\n","modified":"2026-02-10T04:40:50Z","published":"2014-09-16T11:49:24Z","related":["UBUNTU-CVE-2014-0480","UBUNTU-CVE-2014-0481","UBUNTU-CVE-2014-0482","UBUNTU-CVE-2014-0483"],"upstream":["CVE-2014-0480","CVE-2014-0481","CVE-2014-0482","CVE-2014-0483","UBUNTU-CVE-2014-0480","UBUNTU-CVE-2014-0481","UBUNTU-CVE-2014-0482","UBUNTU-CVE-2014-0483"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2347-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-0480"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-0481"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-0482"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-0483"}],"affected":[{"package":{"name":"python-django","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/python-django@1.6.1-2ubuntu0.4?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.6.1-2ubuntu0.4"}]}],"versions":["1.5.4-1ubuntu1","1.6-1","1.6.1-1","1.6.1-2","1.6.1-2ubuntu0.1","1.6.1-2ubuntu0.2","1.6.1-2ubuntu0.3"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"1.6.1-2ubuntu0.4","binary_name":"python-django"}]},"database_specific":{"cves_map":{"cves":[{"severity":[{"type":"Ubuntu","score":"low"}],"id":"CVE-2014-0480"},{"severity":[{"type":"Ubuntu","score":"low"}],"id":"CVE-2014-0481"},{"severity":[{"type":"Ubuntu","score":"medium"}],"id":"CVE-2014-0482"},{"severity":[{"type":"Ubuntu","score":"low"}],"id":"CVE-2014-0483"}],"ecosystem":"Ubuntu:14.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2347-1.json"}}],"schema_version":"1.7.3"}